From c84af5da005589c86b96c4f5b4b58619f1a96c6337b13c9e0b92e5f653ea680d Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Thu, 26 Oct 2017 10:23:16 +0000
Subject: [PATCH] Accepting request 536578 from home:jsegitz:branches:network

- sshd_config is has now permissions 0600 in secure mode

OBS-URL: https://build.opensuse.org/request/show/536578
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=120
---
 openssh-askpass-gnome.spec | 2 +-
 openssh.changes | 5 +++++
 openssh.spec | 8 ++++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec
index 5e8fb63..f64bb63 100644
--- a/openssh-askpass-gnome.spec
+++ b/openssh-askpass-gnome.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openssh-askpass-gnome
 #
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
diff --git a/openssh.changes b/openssh.changes
index df72db5..9945451 100644
--- a/openssh.changes
+++ b/openssh.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Oct 25 15:09:06 UTC 2017 - jsegitz@suse.com
+
+- sshd_config is has now permissions 0600 in secure mode
+
 -------------------------------------------------------------------
 Mon May 15 20:47:29 UTC 2017 - pcerny@suse.com
 
diff --git a/openssh.spec b/openssh.spec
index 42492dd..e57ba86 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openssh
 #
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -392,6 +392,7 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd
 %else
 %{fillup_and_insserv -n ssh sshd}
 %endif
+%set_permissions /etc/ssh/sshd_config
 
 %preun
 %if %{uses_systemd}
@@ -415,6 +416,9 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
 %triggerin -n openssh-fips -- %{name} = %{version}-%{release}
 %restart_on_update sshd
 
+%verifyscript
+%verify_permissions -e /etc/ssh/sshd_config
+
 %files
 %defattr(-,root,root)
 %exclude %{_bindir}/ssh%{CHECKSUM_SUFFIX}
@@ -426,7 +430,7 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
 %verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
-%verify(not mode) %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%verify(not mode) %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
 %if %{uses_systemd}
 %doc sshd.init
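Review bot: The `%set_permissions /etc/ssh/sshd_config` call added at the end of `%post` runs the permissions tooling at install time, yet this patch adds no dependency on it; the openssh.spec diffstat (6 insertions, 2 deletions) is fully accounted for by the visible hunks. If the spec does not already declare it outside these hunks, add `Requires(post): permissions` (or the older `PreReq: permissions`) so the scriptlet cannot run before the tool is installed. Otherwise the file may be left at whatever mode it had before the update. The same dependency covers the `%verify_permissions -e` line in the new `%verifyscript` hunk. The `%post` scriptlet begins outside the hunk, so its earlier lines were not reviewed.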
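Review bot: The `%attr(0600,root,root)` on sshd_config in the `%files` hunk reads as a guaranteed mode, but it is only the packaged default. The line keeps `%verify(not mode)` and the patch adds `%set_permissions`, so the mode on an installed system presumably follows the active permissions profile, and the changelog entry promises 0600 only in secure mode. A comment above the line would make that explicit, for example `# packaged default; the effective mode is set by the permissions profile via set_permissions in the post scriptlet`. Because the file is `%config(noreplace)`, it is also worth confirming that an upgrade over an existing 0640 file ends up at the intended mode. The `%files` list starts and ends outside the hunk.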